]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
import: properly verify roothash_signature + verity download, too 18408/head
authorLennart Poettering <lennart@poettering.net>
Fri, 29 Jan 2021 15:24:14 +0000 (16:24 +0100)
committerLennart Poettering <lennart@poettering.net>
Fri, 29 Jan 2021 15:40:20 +0000 (16:40 +0100)
Follow-up for 133b34f69a72dc90d4e336837d699245390c9f50 where this was
forgotten.

While we are at it, bring the parameters into the same order as we
declare them in the PullRaw/PullTar objects, i.e. match them to the
canonical order.

src/import/pull-common.c
src/import/pull-common.h
src/import/pull-raw.c
src/import/pull-tar.c

index 403a0952bcf0ddd89e49b668b90354b6f4c8385f..75c5c7493ec4d7f3cb2395fceefefcd73f2232ce 100644 (file)
@@ -490,12 +490,15 @@ finish:
 
 int pull_verify(ImportVerify verify,
                 PullJob *main_job,
-                PullJob *roothash_job,
-                PullJob *settings_job,
                 PullJob *checksum_job,
-                PullJob *signature_job) {
+                PullJob *signature_job,
+                PullJob *settings_job,
+                PullJob *roothash_job,
+                PullJob *roothash_signature_job,
+                PullJob *verity_job) {
 
         VerificationStyle style;
+        PullJob *j;
         int r;
 
         assert(main_job);
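Review bot: The reordered signature of pull_verify() now has seven consecutive `PullJob *` parameters, so a caller still written for the old order compiles without any diagnostic and silently puts, for example, its roothash job into the checksum_job slot. Both callers visible in this commit (pull-raw.c and pull-tar.c) are updated, and the same concern applies to the prototype in pull-common.h. I would add a comment above the definition such as `/* Parameter order follows the PullRaw/PullTar fields; roothash_job, roothash_signature_job and verity_job may be NULL. */` and keep the `/* name = */ NULL` annotations from pull-tar.c wherever a literal is passed. The function body continues outside this hunk.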
@@ -513,17 +516,11 @@ int pull_verify(ImportVerify verify,
                 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
                                        "Checksum is empty, cannot verify.");
 
-        r = verify_one(checksum_job, main_job);
-        if (r < 0)
-                return r;
-
-        r = verify_one(checksum_job, roothash_job);
-        if (r < 0)
-                return r;
-
-        r = verify_one(checksum_job, settings_job);
-        if (r < 0)
-                return r;
+        FOREACH_POINTER(j, main_job, settings_job, roothash_job, roothash_signature_job, verity_job) {
+                r = verify_one(checksum_job, j);
+                if (r < 0)
+                        return r;
+        }
 
         if (verify == IMPORT_VERIFY_CHECKSUM)
                 return 0;
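Review bot: The job list in the `FOREACH_POINTER` loop is the only thing that decides which downloaded files are checked against the checksum file, and nothing ties it to the set of jobs the callers start; this commit exists because two of them were left out. A comment on the loop would make that invariant explicit, e.g. `/* Every job whose payload is used after download must be listed here, otherwise it is consumed unverified. */`. The loop also appears to hand NULL entries to verify_one() (pull-tar.c passes NULL for three of them), as the old code already did for roothash_job, so verify_one() presumably returns early for a NULL job. It is defined outside this hunk, so that is worth confirming, along with whether it fails rather than succeeds when the checksum file has no entry for an auxiliary file.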
index acbbab7eabf6c260342dd9819f715a135c3f05e3..d420025faba5532c06b4baf05a931973723fe2dd 100644 (file)
@@ -27,7 +27,7 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co
 int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes)(const char *name, char **ret), const char *suffix, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
 int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
 
-int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *roothash_job, PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job);
+int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job);
 
 typedef enum VerificationStyle {
         VERIFICATION_PER_FILE,      /* SuSE-style ".sha256" files with inline gpg signature */
index 0985dddef372f3d2a000e3d048bea40fcee45528..c9bda3c3b48cfbb72023547f2a8bf7c3845dcc2f 100644 (file)
@@ -542,7 +542,14 @@ static void raw_pull_job_on_finished(PullJob *j) {
 
                 raw_pull_report_progress(i, RAW_VERIFYING);
 
-                r = pull_verify(i->verify, i->raw_job, i->roothash_job, i->settings_job, i->checksum_job, i->signature_job);
+                r = pull_verify(i->verify,
+                                i->raw_job,
+                                i->checksum_job,
+                                i->signature_job,
+                                i->settings_job,
+                                i->roothash_job,
+                                i->roothash_signature_job,
+                                i->verity_job);
                 if (r < 0)
                         goto finish;
 
index 90f439f998dd1e5bef78592d04bc0bf6e0e42bce..a2ba56df2f39262a67fe6f1b9c757bc8d54c98ce 100644 (file)
@@ -336,7 +336,14 @@ static void tar_pull_job_on_finished(PullJob *j) {
 
                 tar_pull_report_progress(i, TAR_VERIFYING);
 
-                r = pull_verify(i->verify, i->tar_job, NULL, i->settings_job, i->checksum_job, i->signature_job);
+                r = pull_verify(i->verify,
+                                i->tar_job,
+                                i->checksum_job,
+                                i->signature_job,
+                                i->settings_job,
+                                /* roothash_job = */ NULL,
+                                /* roothash_signature_job = */ NULL,
+                                /* verity_job = */ NULL);
                 if (r < 0)
                         goto finish;